3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/security
Dominique Martinet f8d78b9f67
confinement: fix assert for serviceConfig.ProtectSystem
serviceConfig.ProtectSystem is usually a string so if set, the assert
itself would error out leaving no useable trace:

  # nixos-rebuild switch --show-trace
  building Nix...
  building the system configuration...
  error: while evaluating the attribute 'config.system.build.toplevel' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:293:5:
  while evaluating 'foldr' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:52:20, called from /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:128:12:
  while evaluating 'fold'' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:55:15, called from /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:59:8:
  while evaluating anonymous function at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:121:50, called from undefined position:
  while evaluating the attribute 'assertion' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/security/systemd-confinement.nix:163:7:
  value is a string while a Boolean was expected

Fix the check to give a sensible assert message instead; the attribute
should either be not set or false bool to pass.

Closes: #99000
2020-10-14 11:56:18 +02:00
..
wrappers Revert "apparmor: fix and improve the service" 2020-10-07 12:22:18 +02:00
acme.nix Merge pull request #99912 from m1cr0man/ocspfix 2020-10-11 23:44:33 +02:00
acme.xml nixos/acme: Update docs, use assert more effectively 2020-09-05 01:06:29 +01:00
apparmor-suid.nix Revert "apparmor: fix and improve the service" 2020-10-07 12:22:18 +02:00
apparmor.nix Revert "apparmor: fix and improve the service" 2020-10-07 12:22:18 +02:00
audit.nix
auditd.nix auditd service: make more useful 2019-06-10 18:55:11 +03:00
ca.nix
chromium-suid-sandbox.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhparams.nix
doas.nix nixos/doas: default rule should be first 2020-05-10 22:14:16 -07:00
duosec.nix treewide: fix modules options types where the default is null 2020-04-28 19:13:59 +02:00
google_oslogin.nix nixos/google-oslogin: add to system.nssDatabases.group too 2020-05-11 16:14:50 +02:00
hidepid.nix
hidepid.xml Revert "nixos/doc: re-format" 2019-09-19 19:17:30 +02:00
lock-kernel-modules.nix
misc.nix nixos/security/misc: add option unprivilegedUsernsClone 2020-08-25 14:18:24 +03:00
oath.nix
pam.nix nixos/pam: remove trailing whitespace 2020-10-09 18:31:20 +10:00
pam_mount.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
pam_usb.nix
polkit.nix nixos/polkit: remove root from adminIdentities 2019-12-09 19:11:09 -05:00
rngd.nix nixos/modules/security/rngd: Disable by default 2020-09-09 21:51:25 -04:00
rtkit.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sudo.nix nixos/sudo: add package option 2020-10-01 13:00:52 +02:00
systemd-confinement.nix confinement: fix assert for serviceConfig.ProtectSystem 2020-10-14 11:56:18 +02:00
tpm2.nix nixos: remove StandardOutput=syslog, StandardError=syslog lines 2020-08-13 18:49:15 +02:00